Security Researcher slipstream/RoL posted Proof-of-concept exploits online (3 OEMs Vulnerable To Three Vulnerability Your PCs At Risk) demonstrating how to compromise machines available on the market.
Three OEMs. Three applications preinstalled. Three exploits. https://t.co/P4GMkNCabZ
— slipstream/RoL (@TheWack0lian) 3 Dicembre 2015
“By convincing a user who has launched the Lenovo Solution Center to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with SYSTEM privileges. Additionally, a local user can execute arbitrary code with SYSTEM privileges,” said CERT, which is backed by the US Department of Homeland Security.
“The CERT/CC is currently unaware of a practical solution to this problem. However, please consider the following workaround: uninstall Lenovo Solution Center to prevent exploitation of these vulnerabilities. Closing any running instance of Lenovo Solution Center also prevents exploitation.”
Lenovo Solution Center security advisory posted on company website confirms that the company is urgently working on a fix.
“We are urgently assessing the vulnerability report and will provide an update and applicable fixes as rapidly as possible. Additional information and updates will be posted to this security advisory page as they become available.” States the advisory.
Mitigation Strategy for Customers (what you should do to protect yourself) By Lenovo Solution Center : To remove the potential risk posed by this vulnerability, users can uninstall the Lenovo Solution Center application using the add / remove programs function.
By the way, the Lenovo Solution Center flaw is also exploitable remotely via CSRF, if the Lenovo Solution Center is open! Open Lenovo Solution Center and click here for a SYSTEM shell! Security Researcher Said
You can fetch exploit binaries and source code from oemdrop.
Summarizing the security vulnerabilities, according to CERT and Slipstream:
Remove Bloatware From Windows With Decrap My Computer
Decrap My Computer allows you to easily and safely remove all of the bloatware that comes pre-installed by the manufacturer on a new Windows PC. It can take hours or even days to get all the pre-installed software removed from your new computer, but with this little freeware utility you can completely uninstall all the unneeded software.
Best of all, Decrap My Computer can do all the operations needed to remove bloatware on its own, without any user input! It even clicks the usual “Next” and various other confirmation buttons of most common software uninstallers.
See how it works!
This video shows Decrap My Computer removes all the pre-installed software of a brand new Acer Aspire V3 laptop. Notice that after the final confirmation box has been closed, there is zero user input, all the uninstallers are automatically run by the Decrap My Computer program!
About the author Mayur Agnihotri
Mayur Agnihotri has a Bachelors of Engineering from Information Technology. He got a number of Infosec Certifications, including C|EH – Certified Ethical Hacker , Cyber Security for Industrial Control Systems, Operational Security for Control Systems, Advanced Security In The Field, Basic Security In The Field.
Twitter : @I_AM_Mayur0021
Edited by Pierluigi Paganini
(Security Affairs – PC, security flaws)